
Guaranteeing Dependency Enforcement in Software Updates

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9417)

Abstract

In this paper we consider the problem of enforcing dependencies during the software distribution process. We consider a model in which multiple independent vendors encrypt their software and distribute it by means of untrusted mirror repositories. The decryption of each package is executed on the user side, and it is possible if and only if the target device satisfies the dependency requirements posed by the vendor. Once a package is decrypted, the protocol non-interactively updates the key material on the target device so that the decryption of future packages requiring the newly installed package can be executed.

We further present a variant of the protocol in which the vendor-defined installation policy can also be partially hidden from unauthorized users.




© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Catuogno, L., Galdi, C., Persiano, G. (2015). Guaranteeing Dependency Enforcement in Software Updates. In: Buchegger, S., Dam, M. (eds) Secure IT Systems. NordSec 2015. Lecture Notes in Computer Science, vol 9417. Springer, Cham. https://doi.org/10.1007/978-3-319-26502-5_15


  • DOI: https://doi.org/10.1007/978-3-319-26502-5_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26501-8

  • Online ISBN: 978-3-319-26502-5

  • eBook Packages: Computer Science, Computer Science (R0)
